Privacy Policy

Who we are

In this sec­tion you should note your site URL, as well as the name of the com­pa­ny, orga­ni­za­tion, or indi­vid­ual behind it, and some accu­rate con­tact infor­ma­tion.

The amount of infor­ma­tion you may be required to show will vary depend­ing on your local or nation­al busi­ness reg­u­la­tions. You may, for exam­ple, be required to dis­play a phys­i­cal address, a reg­is­tered address, or your com­pa­ny reg­is­tra­tion num­ber.

What personal data we collect and why we collect it

In this sec­tion you should note what per­son­al data you col­lect from users and site vis­i­tors. This may include per­son­al data, such as name, email address, per­son­al account pref­er­ences; trans­ac­tion­al data, such as pur­chase infor­ma­tion; and tech­ni­cal data, such as infor­ma­tion about cook­ies.

You should also note any col­lec­tion and reten­tion of sen­si­tive per­son­al data, such as data con­cern­ing health.

In addi­tion to list­ing what per­son­al data you col­lect, you need to note why you col­lect it. These expla­na­tions must note either the legal basis for your data col­lec­tion and reten­tion or the active con­sent the user has giv­en.

Per­son­al data is not just cre­at­ed by a user’s inter­ac­tions with your site. Per­son­al data is also gen­er­at­ed from tech­ni­cal process­es such as con­tact forms, com­ments, cook­ies, ana­lyt­ics, and third par­ty embeds.

By default Word­Press does not col­lect any per­son­al data about vis­i­tors, and only col­lects the data shown on the User Pro­file screen from reg­is­tered users. How­ev­er some of your plu­g­ins may col­lect per­son­al data. You should add the rel­e­vant infor­ma­tion below.

Comments

In this sub­sec­tion you should note what infor­ma­tion is cap­tured through com­ments. We have not­ed the data which Word­Press col­lects by default.

Media

In this sub­sec­tion you should note what infor­ma­tion may be dis­closed by users who can upload media files. All uploaded files are usu­al­ly pub­licly acces­si­ble.

Contact forms

By default, Word­Press does not include a con­tact form. If you use a con­tact form plu­g­in, use this sub­sec­tion to note what per­son­al data is cap­tured when some­one sub­mits a con­tact form, and how long you keep it. For exam­ple, you may note that you keep con­tact form sub­mis­sions for a cer­tain peri­od for cus­tomer ser­vice pur­pos­es, but you do not use the infor­ma­tion sub­mit­ted through them for mar­ket­ing pur­pos­es.

Cookies

In this sub­sec­tion you should list the cook­ies your web­site uses, includ­ing those set by your plu­g­ins, social media, and ana­lyt­ics. We have pro­vid­ed the cook­ies which Word­Press installs by default.

Analytics

In this sub­sec­tion you should note what ana­lyt­ics pack­age you use, how users can opt out of ana­lyt­ics track­ing, and a link to your ana­lyt­ics provider’s pri­va­cy pol­i­cy, if any.

By default Word­Press does not col­lect any ana­lyt­ics data. How­ev­er, many web host­ing accounts col­lect some anony­mous ana­lyt­ics data. You may also have installed a Word­Press plu­g­in that pro­vides ana­lyt­ics ser­vices. In that case, add infor­ma­tion from that plu­g­in here.

Who we share your data with

In this sec­tion you should name and list all third par­ty providers with whom you share site data, includ­ing part­ners, cloud-based ser­vices, pay­ment proces­sors, and third par­ty ser­vice providers, and note what data you share with them and why. Link to their own pri­va­cy poli­cies if pos­si­ble.

By default Word­Press does not share any per­son­al data with any­one.

How long we retain your data

In this sec­tion you should explain how long you retain per­son­al data col­lect­ed or processed by the web­site. While it is your respon­si­bil­i­ty to come up with the sched­ule of how long you keep each dataset for and why you keep it, that infor­ma­tion does need to be list­ed here. For exam­ple, you may want to say that you keep con­tact form entries for six months, ana­lyt­ics records for a year, and cus­tomer pur­chase records for ten years.

What rights you have over your data

In this sec­tion you should explain what rights your users have over their data and how they can invoke those rights.

Where your data is sent

In this sec­tion you should list all trans­fers of your site data out­side the Euro­pean Union and describe the means by which that data is safe­guard­ed to Euro­pean data pro­tec­tion stan­dards. This could include your web host­ing, cloud stor­age, or oth­er third par­ty ser­vices.

Euro­pean data pro­tec­tion law requires data about Euro­pean res­i­dents which is trans­ferred out­side the Euro­pean Union to be safe­guard­ed to the same stan­dards as if the data was in Europe. So in addi­tion to list­ing where data goes, you should describe how you ensure that these stan­dards are met either by your­self or by your third par­ty providers, whether that is through an agree­ment such as Pri­va­cy Shield, mod­el claus­es in your con­tracts, or bind­ing cor­po­rate rules.

Contact information

In this sec­tion you should pro­vide a con­tact method for pri­va­cy-spe­cif­ic con­cerns. If you are required to have a Data Pro­tec­tion Offi­cer, list their name and full con­tact details here as well.

Additional information

If you use your site for com­mer­cial pur­pos­es and you engage in more com­plex col­lec­tion or pro­cess­ing of per­son­al data, you should note the fol­low­ing infor­ma­tion in your pri­va­cy pol­i­cy in addi­tion to the infor­ma­tion we have already dis­cussed.

How we protect your data

In this sec­tion you should explain what mea­sures you have tak­en to pro­tect your users’ data. This could include tech­ni­cal mea­sures such as encryp­tion; secu­ri­ty mea­sures such as two fac­tor authen­ti­ca­tion; and mea­sures such as staff train­ing in data pro­tec­tion. If you have car­ried out a Pri­va­cy Impact Assess­ment, you can men­tion it here too.

What data breach procedures we have in place

In this sec­tion you should explain what pro­ce­dures you have in place to deal with data breach­es, either poten­tial or real, such as inter­nal report­ing sys­tems, con­tact mech­a­nisms, or bug boun­ties.

What third parties we receive data from

If your web­site receives data about users from third par­ties, includ­ing adver­tis­ers, this infor­ma­tion must be includ­ed with­in the sec­tion of your pri­va­cy pol­i­cy deal­ing with third par­ty data.

What automated decision making and/or profiling we do with user data

If your web­site pro­vides a ser­vice which includes auto­mat­ed deci­sion mak­ing — for exam­ple, allow­ing cus­tomers to apply for cred­it, or aggre­gat­ing their data into an adver­tis­ing pro­file — you must note that this is tak­ing place, and include infor­ma­tion about how that infor­ma­tion is used, what deci­sions are made with that aggre­gat­ed data, and what rights users have over deci­sions made with­out human inter­ven­tion.

Industry regulatory disclosure requirements

If you are a mem­ber of a reg­u­lat­ed indus­try, or if you are sub­ject to addi­tion­al pri­va­cy laws, you may be required to dis­close that infor­ma­tion here.